Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2018:0218-1

Опубликовано: 25 янв. 2018
Источник: suse-cvrf

Описание

Security update for GraphicsMagick

This update for GraphicsMagick fixes several issues.

These security issues were fixed:

  • CVE-2017-9262: The ReadJNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043353)
  • CVE-2017-9261: The ReadMNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043354)
  • CVE-2017-11750: The ReadOneJNGImage function in coders/png.c allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1051442)
  • CVE-2017-12676: Prevent memory leak in the function ReadOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052708)
  • CVE-2017-12673: Prevent memory leak in the function ReadOneMNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052717)
  • CVE-2017-12641: Prevent a memory leak vulnerability in ReadOneJNGImage in coders\png.c (bsc#1052777)
  • CVE-2017-12935: The ReadMNGImage function in coders/png.c mishandled large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c (bsc#1054600)
  • CVE-2017-13147: Prevent allocation failure in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value (bsc#1055374)
  • CVE-2017-13142: Added additional checks for short files to prevent a crafted PNG file from triggering a crash (bsc#1055455)
  • CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage functions in coders/png.c did not properly manage image pointers after certain error conditions, which allowed remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call (bsc#1057000)
  • CVE-2017-15218: Prevent memory leak in ReadOneJNGImage in coders/png.c (bsc#1062752)

Список пакетов

openSUSE Leap 42.2
GraphicsMagick-1.3.25-60.1
GraphicsMagick-devel-1.3.25-60.1
libGraphicsMagick++-Q16-12-1.3.25-60.1
libGraphicsMagick++-devel-1.3.25-60.1
libGraphicsMagick-Q16-3-1.3.25-60.1
libGraphicsMagick3-config-1.3.25-60.1
libGraphicsMagickWand-Q16-2-1.3.25-60.1
perl-GraphicsMagick-1.3.25-60.1
openSUSE Leap 42.3
GraphicsMagick-1.3.25-60.1
GraphicsMagick-devel-1.3.25-60.1
libGraphicsMagick++-Q16-12-1.3.25-60.1
libGraphicsMagick++-devel-1.3.25-60.1
libGraphicsMagick-Q16-3-1.3.25-60.1
libGraphicsMagick3-config-1.3.25-60.1
libGraphicsMagickWand-Q16-2-1.3.25-60.1
perl-GraphicsMagick-1.3.25-60.1

Ссылки

Описание

The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and 7.0.6-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

Затронутые продукты
openSUSE Leap 42.2:GraphicsMagick-1.3.25-60.1
openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-60.1
openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-60.1
openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-60.1
Ссылки

Описание

ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\png.c.

Затронутые продукты
openSUSE Leap 42.2:GraphicsMagick-1.3.25-60.1
openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-60.1
openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-60.1
openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-60.1
Ссылки

Описание

In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service.

Затронутые продукты
openSUSE Leap 42.2:GraphicsMagick-1.3.25-60.1
openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-60.1
openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-60.1
openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-60.1
Ссылки

Описание

In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service.

Затронутые продукты
openSUSE Leap 42.2:GraphicsMagick-1.3.25-60.1
openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-60.1
openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-60.1
openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-60.1
Ссылки

Описание

The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c.

Затронутые продукты
openSUSE Leap 42.2:GraphicsMagick-1.3.25-60.1
openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-60.1
openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-60.1
openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-60.1
Ссылки

Описание

In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files.

Затронутые продукты
openSUSE Leap 42.2:GraphicsMagick-1.3.25-60.1
openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-60.1
openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-60.1
openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-60.1
Ссылки

Описание

In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value.

Затронутые продукты
openSUSE Leap 42.2:GraphicsMagick-1.3.25-60.1
openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-60.1
openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-60.1
openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-60.1
Ссылки

Описание

The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11403.

Затронутые продукты
openSUSE Leap 42.2:GraphicsMagick-1.3.25-60.1
openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-60.1
openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-60.1
openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-60.1
Ссылки

Описание

ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c.

Затронутые продукты
openSUSE Leap 42.2:GraphicsMagick-1.3.25-60.1
openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-60.1
openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-60.1
openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-60.1
Ссылки

Описание

In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.

Затронутые продукты
openSUSE Leap 42.2:GraphicsMagick-1.3.25-60.1
openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-60.1
openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-60.1
openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-60.1
Ссылки

Описание

In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.

Затронутые продукты
openSUSE Leap 42.2:GraphicsMagick-1.3.25-60.1
openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-60.1
openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-60.1
openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-60.1
Ссылки